🔥 BoundaryML / baml - The programming language for agents
GitHub热门项目 | The programming language for agents | Stars: 8,544 | 6 stars today | 语言: Rust
找到 1079 篇相关文章
GitHub热门项目 | The programming language for agents | Stars: 8,544 | 6 stars today | 语言: Rust
GitHub recently launched Agentic Workflows — GitHub Actions combined with an AI agent backed by Claude or GitHub Copilot, writing workflows in plain Markdown. Noma Labs' first question after launch was the obvious one: what happens when the agent reads something it shouldn't trust? The answer: it leaks private repository contents as a public comment. No credentials, no exploit code, no inside access required. "The agent's context window is also its attack surface. Any content the agent reads — whether issues, pull requests, comments, or files — can be weaponized if the agent treats that content as instructional input." What actually happened Noma's researchers crafted a GitHub Issue that looked like a plausible VP Sales request — a normal-looking feature ask with hidden instructions embedded in the body. When GitHub's automation assigned the issue, it triggered an Agentic Workflow configured to: Trigger on issues.assigned events Read the issue title and body Post a comment using the add-comment tool Run with read access to other repositories in the organisation — including private ones The hidden instructions told the agent to fetch README.md from repos across the org and post the contents as a comment on the public issue. It did exactly that, including the contents of testlocal — a private repository. The proof-of-concept is live: the workflow run and the issue are public. The guardrail bypass GitHub had defences in place to prevent this. They didn't hold. Noma found that adding the word "Additionally" to the injected instructions caused the model to reframe its output rather than refuse — bypassing the guardrails entirely. A single keyword was enough to undo the intended safety behaviour. This is what makes prompt injection particularly uncomfortable: guardrails tuned against known attack patterns can be bypassed by anyone willing to iterate on the phrasing. The attacker's loop is cheap; the defender's loop is not. The bigger pattern Noma names this explicitly: pr
GitHub热门项目 | A lightweight desktop app to manage, sync, and organize AI agent skills across 15+ coding tools — Cursor, Claude Code, Codex, Copilot, and more. | Stars: 3,051 | 51 stars today | 语言: Rust
GitHub热门项目 | The Rust package registry | Stars: 3,644 | 4 stars today | 语言: Rust
GitHub热门项目 | The fullstack MCP framework to develop MCP Apps for ChatGPT / Claude & MCP Servers for AI Agents. | Stars: 10,306 | 18 stars today | 语言: TypeScript
GitHub热门项目 | iMessage personal agent: choose Claude Agent SDK (Claude Code) or Codex app-server runtime (Codex/ChatGPT), with memory, sub-agents, automations, integrations. | Stars: 1,044 | 40 stars today | 语言: TypeScript
GitHub热门项目 | One-stop shop for building AI-powered products and businesses with Stripe. | Stars: 1,674 | 12 stars today | 语言: TypeScript
GitHub热门项目 | The open source server management software for SSH, VNC & RDP | Stars: 4,790 | 97 stars today | 语言: JavaScript
GitHub热门项目 | Agentic RL Training at Scale | Stars: 1,656 | 13 stars today | 语言: Python
GitHub热门项目 | 闲鱼自动回复管理系统是一个基于 Python + FastAPI 开发的自动化客服系统,专为闲鱼平台设计。系统通过 WebSocket 连接闲鱼服务器,实时接收和处理消息,提供智能化的自动回复服务。同时集成闲鱼自动发货,自动评价,自动擦亮等功能,实现闲鱼虚拟商品自动化流程。 | Stars: 5,759 | 42 stars today | 语言: Python
GitHub热门项目 | Biomni: a general-purpose biomedical AI agent | Stars: 3,461 | 32 stars today | 语言: Python
GitHub热门项目 | Lightweight, open-source AI agent for your tools, chats, and workflows. | Stars: 45,639 | 120 stars today | 语言: Python
GitHub热门项目 | DeepTutor: Lifelong Personalized Tutoring. https://deeptutor.info/. | Stars: 26,041 | 128 stars today | 语言: Python
I have a script called git_commit.py in one of my repos. It shells out to claude -p with the staged diff, gets back a Conventional Commit message, and prints it. It's wired into a prepare-commit-msg git hook so every commit gets a pre-filled message for free. Small, dumb, useful. The first version had one instruction in the system prompt: "Output ONLY the commit message — no explanation, no markdown, no quotes." That's it. It worked fine for a while, and then one day a commit landed with a trailing Co-Authored-By: Claude <noreply@anthropic.com> line that I never asked for and definitely didn't want on a personal repo's history. I did the obvious thing first: I made the prompt more specific. SYSTEM = ( " You are a git commit message generator. " " Output ONLY the commit message — one line, no explanation, no markdown, no quotes, " " no co-author lines, no signatures, no AI references. " " Follow Conventional Commits: type(scope): subject. " " Types: feat, fix, docs, style, refactor, test, chore. " " Subject: imperative, lowercase, max 72 chars. " ) This is the same move I see everywhere: the CLAUDE.md file in that same repo has a line that says, in bold, "NEVER add Co-Authored-By: or any Claude/AI reference to commit messages." I've seen the same pattern in a dozen other people's prompt files — a growing list of "never do X" instructions bolted onto a system prompt, each one added reactively after X happened once. It helped. It did not solve it. A model call is a sample from a distribution, not a function with a guaranteed return type. Any single generation can still ignore an instruction — a longer diff, a different day, a subtly different phrasing of the request, and the same "never" line just doesn't fire. I don't actually know the mechanism on any given miss and I don't need to. The point is: a natural-language instruction is advisory. It shifts probability mass, it doesn't clamp it. I ran into an article on dev.to making a point that reframed this for me: the al
Every time your bot merges a two-hour-old release into main, you are trusting a stranger's freshly published tarball to be the same one everyone else is looking at. Sometimes that release is a real bugfix. Sometimes it is a maintainer who fat-fingered a token, or an attacker who did not, and either way your CI cheerfully rebases against it before anyone had a chance to notice. On 2026-07-14, GitHub added a pause. Not a big one. But a real one. The actual change Dependabot version updates now sit on their hands for three days after a package is published. According to the GitHub Changelog, a release has to have been available on its registry for at least that long before Dependabot will open a version-update pull request against your repository. The cooldown is on by default and requires no configuration. It applies across every ecosystem Dependabot supports on github.com, and GitHub Enterprise Server picks it up in GHES 3.23. Security updates are exempt. If a fix for a known vulnerability lands, Dependabot will still open the PR the moment it can, because a three-day delay on the patch defeats the entire point of shipping the patch. That single carve-out is the whole design. Why three days is doing so much work Three days is not enough time to audit a package. Nobody is pretending otherwise. What three days is enough for is someone else to notice. Most malicious releases that end up on a public registry get pulled quickly once security researchers, downstream maintainers, or the registry's own scanners spot the pattern. The typosquats, the hijacked accounts, the crypto miners buried in a postinstall script: they all rely on being pulled into build automation before the pattern is visible. Dependabot's old default was to be that automation. Its new default is to let the pattern show up first. You can read this change as GitHub quietly admitting that "always up to date" was the wrong marketing promise for a supply-chain tool. The knob, and what shifted about it Cooldo
The restrictions, which can be turned off, will include a crackdown on “addictive” app features and will be in addition to a total ban on children under 16 accessing platforms like TikTok and YouTube.
A new study found that social media platforms are referring people to sites where they can create nonconsensual, sexually explicit deepfakes for as little as $1 an image.
GitHub热门项目 | 👩🏿💻👨🏾💻👩🏼💻👨🏽💻👩🏻💻中国独立开发者项目列表 -- 分享大家都在做什么 | Stars: 52,940 | 1,194 stars today | 语言: Python
GitHub热门项目 | The Python programming language | Stars: 73,794 | 438 stars this week | 语言: Python
GitHub热门项目 | WeChat local data CLI with daemon architecture | Stars: 4,006 | 85 stars today | 语言: Rust